The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner.
“An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn’t otherwise access or delete,” the Rust Security Response working group (WG) said in an advisory published on January 20, 2021.
Rust 1.0.0 through Rust 1.58.0 are affected by this vulnerability. The flaw, which is tracked as CVE-2022-21658 (CVSS score: 7.3), has been credited to security researcher Hans Kratz, with the team pushing out a fix in Rust version 1.58.1, shipped last week.
Specifically, the issue stems from an improperly implemented check, meant to keep recursive deletion from following symbolic links (aka symlinks), in a standard library function named “std::fs::remove_dir_all.” The flawed check creates a race condition that adversaries could exploit to make a privileged program delete sensitive directories.
The advisory stated that instead of telling the system not to follow symlinks, the standard library first checked whether the file it was about to delete was a symlink. If it wasn't, it would continue to recursively remove the directory. This exposed a race condition: an attacker could make a directory and then replace it with a symlink.
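The check-then-delete gap described above, made deterministic in an added example (not code from the Rust standard library or from the advisory): `naive_remove_dir_all`, its `window` hook and every path are hypothetical and constructed, Unix only, and the second case confirms the documented contract that `std::fs::remove_dir_all` removes a symlink itself rather than what it points to.

```rust
use std::os::unix::fs::symlink; // Unix-only demo
use std::{fs, io, path::Path};

/// Check-then-delete sketch of the flawed pattern (hypothetical helper, not std's code).
/// `window` runs between check and use, standing in for a concurrent process.
fn naive_remove_dir_all(path: &Path, window: &dyn Fn()) -> io::Result<()> {
    if fs::symlink_metadata(path)?.file_type().is_symlink() {
        return fs::remove_file(path); // a symlink is unlinked, never descended into
    }
    window(); // time of check is over; time of use starts below
    for entry in fs::read_dir(path)? {
        // `path` is resolved again by name here, and this lookup follows symlinks
        let child = entry?.path();
        if fs::symlink_metadata(&child)?.file_type().is_dir() {
            naive_remove_dir_all(&child, &|| ())?;
        } else {
            fs::remove_file(&child)?;
        }
    }
    fs::remove_dir(path)
}

/// Returns (keep.txt survives the naive delete, keep.txt survives std's delete of a symlink).
fn demo() -> io::Result<(bool, bool)> {
    // Constructed sandbox under the temp dir; every path below is made up for the demo.
    let root = std::env::temp_dir().join(format!("rda_demo_{}", std::process::id()));
    let _ = fs::remove_dir_all(&root);
    let (protected, scratch) = (root.join("protected"), root.join("scratch"));
    fs::create_dir_all(&protected)?;
    fs::create_dir_all(&scratch)?;
    let keep = protected.join("keep.txt");
    fs::write(&keep, b"data")?;
    // Case 1: `scratch` passes the check as a directory, then becomes a symlink.
    let swap = || {
        fs::remove_dir(&scratch).unwrap();
        symlink(&protected, &scratch).unwrap();
    };
    let _ = naive_remove_dir_all(&scratch, &swap); // final remove_dir fails on the link
    let naive_survives = keep.exists();
    // Case 2: std's remove_dir_all, handed the symlink, removes only the link.
    fs::write(&keep, b"data")?;
    fs::remove_dir_all(&scratch)?;
    let std_survives = keep.exists() && fs::symlink_metadata(&scratch).is_err();
    fs::remove_dir_all(&root)?;
    Ok((naive_survives, std_survives))
}

fn main() { println!("{:?}", demo()); }
```

Case 2 checks the symlink contract only; it does not race the standard library, so upgrading to the fixed release remains the remedy the article names.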
Rust is a programming language that, although not widely used, has seen a rise in popularity in recent years due to its memory safety guarantees. Last year, Google announced that its open-source version of the Android operating system will add support for the programming language to prevent memory safety bugs.